Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NTClientLoginV2.exe

windows7-x64

7

NTClientLoginV2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NTClientLoginV2.exe

  • Size

    19.6MB

  • MD5

    2f639e60f45e291ea337f51767628568

  • SHA1

    c69f8a8436e71765c30ddd9a7be1b14768edc659

  • SHA256

    a5c3291fae5d8003d9c0b093bf97bb3de079c75d4ffc5e9a8839e44074bf3d6b

  • SHA512

    d600f6f9cc57bf14d17ebcc880d7ac85de9071831779c8c96ec56db677d553dde2cec31b5d7f2327780d01bad89b0d0083f5244a54bf424784d3bf553c98c27d

  • SSDEEP

    393216:no9Du63QD08kE7hAT0L+9qz8YSJH+1JYJGcH6dpdwqYV1:o97Qx+0+9q4YSJH+1+QcmAqc

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NTClientLoginV2.exe
    "C:\Users\Admin\AppData\Local\Temp\NTClientLoginV2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\NTClientLoginV2.exe
      "C:\Users\Admin\AppData\Local\Temp\NTClientLoginV2.exe"
      2⤵
      • Loads dropped DLL
      PID:1696
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1244

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI20202\python311.dll
      Filesize

      1.6MB

      MD5

      76eb1ad615ba6600ce747bf1acde6679

      SHA1

      d3e1318077217372653be3947635b93df68156a4

      SHA256

      30be871735591ad96bc3fc7e541cdef474366159c2f7443feb30739cbd2db7e1

      SHA512

      2b960e74dd73f61d6a44fef0de9f2d50bcf2ec856b7aa5b97f0107e3cdadea461790760668a67db2ecaf71ff323133ee39ce2b38aafff3629c14e736d6a64aeb

      Download Submit

    • memory/1696-109-0x000007FEF5830000-0x000007FEF5E1E000-memory.dmp

      Filesize

      5.9MB

      Download